Saturday, March 12, 2016

Amazon's CTO wants to make it impossible for anyone else to access your data — including him

Werner Vogels, the man in charge of Amazon's cloud platform, AWS (Amazon Web Services), is in no doubt about the benefits of encryption.
"We really want to be in the position where only the customer has access to the data," Vogels told Business Insider. "Not us and not anybody else."
Encryption, data security, and privacy is an incredibly contentious topic right now.
Apple is battling the US Justice Department over an iPhone linked to one of the attackers in last year's shooting in San Bernardino, California. The FBI says it needs to access the phone's encrypted contents in case they contain useful evidence, and it wants Apple to build software to help disable certain security features. Apple has refused, arguing that doing so would set a dangerous precedent and weaken the security of all iPhones.
The case has descended into outright hostility between Apple and the Department of Justice. "In 30 years of practice I don't think I've seen a legal brief that was more intended to smear the other side with false accusations and innuendo," Apple general counsel Bruce Sewell said on Thursday.
The tech industry has largely rallied around Apple, releasing statements backing up the Cupertino, California-based technology giant and filing amicus briefs with the court to support its case. The FBI's case "threatens the core principles of privacy, security, and transparency that underline the fabric of the internet," one argues.
Amazon (along with Facebook, Google, Microsoft, Yahoo, and more than a dozen other companies) submitted a second amicus brief that said it thought "the government's order to Apple exceeds the bounds of existing law and, when applied more broadly, will harm Americans' security in the long run."
In an interview with Business Insider ahead of AWS' 10th birthday, Vogels declined to comment on the case or say whether he supports Apple personally, citing the "ongoing legal matter." But he spoke emphatically in favour of encryption.
Amazon tells customers using its cloud services that they should encrypt "their critical business data or personally identifiable data of their customers at a minimum," Vogels said, adding: "This is good security hygiene whether you're running in the cloud or whether you're running on premises, on principle you should do it anyway."
The Amazon.com chief technology officer said he supported "zero knowledge" hosting in which encryption allows the cloud provider to have no knowledge of what the customer uses the services for. "It's something we've been pushing our customers for years now," he said.
"We've got quite a few customers who've moved to 100% encryption," Vogels said. "We really want to move our customers to a world where they own the keys, and as such they are the only ones who decide who has access to the data, not anybody else, not us as a provider."
Amazon recently had an encryption furore of its own when it removed the option to encrypt user data on the Kindle Fire tablet. After a strong backlash in the media, Amazon performed an about-turn, and it reinstated the feature. (Vogels did not discuss this with Business Insider.)

Disclosure: Jeff Bezos is an investor in Business Insider through his personal investment company Bezos Expeditions.

No comments:

Post a Comment